<?php
include_once( "common.php" );
checkLogin( STATUS_ADMIN );

# Verify the user
if ( ! isValidEntry( "User", $_POST["id"] ) )
    outputAlert( "Invalid input", "You entered invalid input." );

# Get the user's current information
$result = db_query( "SELECT * From User WHERE User.id = {$_POST["id"]}" );
$row = db_fetch_object( $result );

# Change the user's name
if ( trim( $_POST["user"] ) != "" and $_POST["user"] == addslashes( $_POST["user"] ) and $row->name != $_POST["user"] )
{
    db_query( "UPDATE User SET User.name = '{$_POST["user"]}' WHERE User.id = {$_POST["id"]}" ) or outputAlert( "Database error", "A database error occurred and the user's name was not updated." );
}

# Reset the user's password
if ( trim( $_POST["password"] ) != "" and $_POST["password"] == $_POST["confirm"] )
{
    # Hash the password
    $password = md5( $_POST["password"] );

    # Update it
    db_query( "UPDATE User SET User.password = '{$password}' WHERE User.id = {$_POST["id"]}" ) or outputAlert( "Database error", "A database error occurred and the user's password was not updated." );
}

# Adjust the user's status
if ( is_numeric( $_POST["status"] ) and $_POST["status"] >= STATUS_GUEST and $_POST["status"] <= STATUS_ADMIN and $row->status != $_POST["status"] and $_POST["id"] != $_SESSION["user"] )
{
    # Update it
    db_query( "UPDATE User SET User.status = {$_POST["status"]} WHERE User.id = {$_POST["id"]}" ) or outputAlert( "Database error", "A database error occurred and the user's status was not updated." );
}

# Update the user's visibility
# Get a list of all project IDs
$projects = array();
$result = db_query( "SELECT Project.id FROM Project" );
while ( $row = db_fetch_object( $result ) )
    $projects[] = $row->id;

# Verify the projects
if ( isset( $_POST["visibility"] ) )
{
    foreach ( $_POST["visibility"] as $project )
    {
        if ( ! isValidEntry( "Project", $project ) )
            outputAlert( "Invalid invalid", "You entered invalid input." );
    }
}

foreach ( $projects as $project )
{
    # Check existing visibility
    $result = db_query( "SELECT UserProject.* FROM UserProject WHERE UserProject.user = {$_POST["id"]} AND UserProject.project = {$project}" );

    # Add the visibility
    if ( isset( $_POST["visibility"] ) and in_array( $project, $_POST["visibility"] ) and db_num_rows( $result ) == 0 )
        db_query( "INSERT INTO UserProject VALUES( {$_POST["id"]}, {$project} )" ) or outputAlert( "Database error", "A database error occurred and the project visibility was not updated." );

    else if ( isset( $_POST["visibility"] ) and ! in_array( $project, $_POST["visibility"] ) and db_num_rows( $result ) == 1 )
        db_query( "DELETE FROM UserProject WHERE user = {$_POST["id"]} AND project = {$project}" ) or outputAlert( "Database error", "A database error occurred and the project visibility was not updated." );
}

# Reset the user's feed URL
if ( $_POST["feed"] == "feed" )
{
    # Assume someone has taken this URL
    $taken = true;

    while ( $taken )
    {
        # Come up with a random feed URL
        $url = md5( mt_rand( 0, mt_getrandmax() ) . time() );

        # See if anyone else owns this yet
        if ( db_num_rows( db_query( "SELECT User.feed FROM User WHERE User.feed = '{$url}'" ) ) > 0 )
            $taken = true;
        else
            $taken = false;
    }

    # Update it
    db_query( "UPDATE User SET User.feed = '{$url}' WHERE User.id = {$_POST["id"]}" ) or outputAlert( "Database error", "A database error occurred and the user's feed URL was not updated." );
}

# Lock the user
if ( $_POST["lock"] == "lock" and $_POST["id"] != $_SESSION["user"] )
{
    db_query( "UPDATE User SET User.locked = 1 WHERE User.id = {$_POST["id"]}" ) or outputAlert( "Database error", "A database error occurred and the user was not locked." );
}
else
{
    db_query( "UPDATE User SET User.locked = 0 WHERE User.id = {$_POST["id"]}" ) or outputAlert( "Database error", "A database error occurred and the user was not unlocked." );
}

# Delete the user
if ( $_POST["delete"][0] == "delete" and $_POST["delete"][1] == "confirm" and $_POST["id"] != $_SESSION["user"] )
{
    # Remove comments
    db_query( "DELETE FROM Log WHERE Log.user = {$_POST["id"]}" ) or outputAlert( "Database error", "A database error occurred and the user's logs were not removed." );

    # Remove all references in logs
    db_query( "UPDATE Log SET Log.assigned = -1 WHERE Log.assigned = {$_POST["id"]}" ) or outputAlert( "Database error", "A database error occurred and the user's log references were not removed." );

    # Reassign bugs
    db_query( "UPDATE Bug SET Bug.assigned = 0 WHERE Bug.assigned = {$_POST["id"]}" ) or outputAlert( "Database error", "A database error occurred and the user's bugs were not reassigned." );

    # Remove visibility
    db_query( "DELETE FROM UserProject WHERE UserProject.user = {$_POST["id"]}" ) or outputAlert( "Database error", "A database error occurred and the user's visibility was not removed." );

    # Delete the user
    db_query( "DELETE FROM User WHERE User.id = {$_POST["id"]}" ) or outputAlert( "Database error", "A database error occurred and the user was not removed." );

    header( "Location: admin.php" );
    exit();
}

# Go back to editing this user
header( "Location: viewUser.php?id={$_POST["id"]}" );
?>
